Instrumentation tools, such as Spring Insight from the SpringSource division of VMware, Inc., are able to monitor the execution of a “target” application, such as a web application, by inserting instrumentation code into the target application, for example, during loading of the target application into a runtime environment, such as a Java virtual machine or an application server such as Apache Tomcat. When executed, the instrumentation code, in real-time captures pieces of data (e.g., referred to as operations), such as which methods or functions of the target application are being called, the arguments of such methods, how long methods run, etc. The captured pieces of data are referred to as a “trace” and may be sent by the instrumentation code to a separate user interface application (referred to herein as a “profiler”) that an administrator may use to display and analyze the trace. The trace may help an administrator monitor application performance metrics and analyze any problems that occurred during the execution of the application, such as problematic web requests or method calls ending in errors.
The target application, depending upon its purpose, may process data that contains sensitive information, such as credit card numbers/security codes and passwords. For example, the target application may be an ecommerce web application that provides users the ability to enter credit card information or may be a payroll web application that enables employees to enter usernames and passwords to access their payroll information. Such sensitive information may be ultimately passed through various components of the target application, including as arguments and results in methods, database calls, etc. When an administrator utilizes an instrumentation tool that inserts instrumentation code into such target applications, the trace captured by such instrumentation code that is ultimately transmitted to and displayed by a profiler may thus include such sensitive information. As such, a developer of the target application (or other interested party, such as a primary administrator deploying the target application across business units within an enterprise who is sensitized to the possibility of administrators within such business units using such instrumentation tools to manage performance of their particular deployment of the target application) may not want such sensitive information included in the trace, for example, to protect sensitive information of users of the target application from be revealed to an administrator who is analyzing the performance of the application.